Re: [OpenSIPS-Users] openssl version launching 2.3

Tue, 25 Apr 2017 01:48:58 -0700 

Hi, Tito!
OpenSIPS uses some openssl features that are broken in the fips version of openssl. Therefore you will have to change the openssl with a version where this bug is fixed. If you can't find it in your distribution, you might consider building it yourself. 

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com

On 04/25/2017 02:26 AM, Tito Cumpen wrote:

This becomes an issue with centos 7 as there are no supported packages 
of openssl 1.0.2 and the latest rabbitmqlib requires the 1.0.1. Also I 
cannot find an openssl-devel package of 1.0.2.  I tried 2.4 and had 
the same outcome. Any ideas what can be done here ?



On Mon, Apr 24, 2017 at 6:00 PM, Tito Cumpen <[email protected] 
<mailto:[email protected]>> wrote:


    Group,

    I am having issues launching the latest opensips 2.3. Although
    I've updated openssl and recompillled opensips


     ERROR:tls_mgm:mod_init: NOTE: check if you are using openssl
    1.0.1e-fips, (or other FIPS version of openssl, as this is known
    to be broken; if so, you need to upgrade or downgrade to a
    different openssl version!
    Apr 24 21:48:33 cloud-server-06 /sbin/opensips[14697]:
    ERROR:tls_mgm:mod_init: current version: OpenSSL 1.0.1e-fips 11
    Feb 2013
    Apr 24 21:48:33 cloud-server-06 /sbin/opensips[14697]:
    ERROR:core:init_mod: failed to initialize module tls_mgm
    Apr 24 21:48:33 cloud-server-06 /sbin/opensips[14697]:
    ERROR:core:main: error while initializing modules
    Apr 24 21:48:33 cloud-server-06 /sbin/opensips[14697]:
    INFO:core:cleanup: cleanup
    Apr 24 21:48:33 cloud-server-06 /sbin/opensips[14697]:
    NOTICE:core:main: Exiting....
    Apr 24 21:48:33 cloud-server-06 opensips: INFO:core:daemonize:
    pre-daemon process exiting with -1



    openssl version -a

    OpenSSL 1.0.2k 26 Jan 2017

    built on: reproducible build, date unspecified

    platform: linux-x86_64

    options: bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int)
    blowfish(idx)

    compiler: gcc -I. -I.. -I../include  -DOPENSSL_THREADS
    -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64
    -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
    -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM
    -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
    -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

    OPENSSLDIR: "/usr/local/ssl"



    is there any reason  opensips is using the older version still ?



    Thanks,

    Tito




_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users






















					Reply via email to